Static Consent and the Dynamic Web

Last week Facebook announced the end of regional networks for access control. The move makes sense: regional networks had no authentication so information available to them was easy to get with a fake account. Still, silently making millions of weakly-restricted profiles globally viewable raises some disturbing questions. If Terms of Service promise to only share data consistent with users’ privacy settings, but the available privacy settings change as features are added, what use are the terms as a legal contract? This is just one instance of a major problem for rapidly evolving web pages which rely on a static model of informed consent for data collection. Even “privacy fundamentalists” who are careful to read privacy policies and configure their privacy settings can’t be confident of their data’s future for three main reasons:

Functionality Changes: Web 2.0 sites add features constantly, usually with little warning or announcement. Users are almost always opted-in for fear that features won’t get noticed otherwise. Personal data is shared before users have any chance to opt out. Facebook has done this repeatedly, opting users in to NewsFeed, Beacon, Social Ads, and Public Search Listings. This has generated a few sizeable backlashes, but Facebook maintains that users must try new features in action before they can reasonably opt out.

Contractual Changes: Terms of Service documents can often be changed without notice, and users automatically agree to the new terms by continuing to use the service. In a study we’ll be publishing at WEIS next month evaluating 45 social networking sites, almost half don’t guarantee to announce changes to their privacy policies. Less than 10% of the sites commit to a mandatory notice period before implementing changes (typically a week or less). Realistically, at least 30 days are needed for fundamentalists to read the changes and cancel their accounts if they wish.

Ownership Changes: As reported in the excellent survey of web privacy practices by the KnowPrivacy project at UC Berkeley, the vast majority (over 90%) of sites explicitly reserve the right to share data with ‘affiliates’ subject only to the affiliate’s privacy policy. Affiliate is an ambiguous term but it includes at least parent companies and their subsidiaries. If your favourite web site gets bought out by an international conglomerate, your data is transferred to the new owners who can instantly start using it under their own privacy policy. This isn’t an edge case, it’s a major loophole: websites are bought and sold all the time and for many startups acquisition is the business model.

For any of these reasons, the terms under which consent was given can be changed without warning. Safely disclosing personal data on the web thus requires continuously monitoring sites for new functionality, updated terms of service, or mergers, and instantaneously opting out if you are no longer comfortable. This is impossible even for privacy fundamentalists with an infinite amount of patience and legal knowledge, rendering the old paradigm of informed consent for data collection unworkable for Web 2.0.

I guess for a real “privacy fundamentalist” there is only one “informed consent” they can make, which is not to partake of any of these services.

@ LiveFreeOrTaxedHard,

“Free news websites will be over, according to the Murdoch news reports.”

Don’t believe everything Rupert Murdoch claims. It was not too long ago he was saying he would be taking “paywalls” down.

His viewpoint I suspect might have something to do with Google. They currently have an arrangement where Google pays 900 million over three years. Google have said they are not getting anything out of the relationship so it would appear they have little or no intention of renewing the deal.

The advertising side has proved to be a bit problematical for all but the largest Internet organisations; however, it is currently loosely based on two traditional models (newspapers and broadcast).

Store front has its problems but works fairly well for many, many organisations of all sizes and is perhaps the most understandable of income models, as it’s the same as catalogue or other mail order shopping models that are over a century old.

Data collection is somewhat insidious and is as far as I know not a proven method. It is not really based on traditional income models and is based on personal information (habits), be it identifiable or not.

Payment models on the Internet break down into two broad areas: services and access.

The service payment model is almost exactly like it was before the Internet and thus is well understood.

The access payment model however is not at all understood on the Internet. Previous models of access service had a hidden assumption in them, which is the “cost of distance”; the Internet has removed this and it has major implications.

Essentially there are three basic payment systems within the access model,

1, Subscription.
2, Pay-as-U-go.
3, One off.

Of these, subscription is least affected by no “distance cost” and is mainly based on the “periodical” (journals/postal newspapers etc) model. You basically make a subscription for access for a calendar period (month/year etc). This is fairly easy to understand but there is only really money in it for premium services.

Pay as you go services work on the idea that you buy access not by calendar time but to a fixed number of access items. This allows the access supplier to spread the administrative costs across the number of accesses.

One off access payment is where the no “distance cost” has had a very real effect. You are not competing locally anymore but globally, and your customers may only ever use your services once. They may not care or even know who you are, as they have used a global search engine to find what they are looking for (grazing model).

This has two major issues: one, you are competing in a global market; the other is collecting payment. The nature of the global market and intangible goods is that the price needs to be very, very low. To make money you need a payment system that is set up to make Micro or Pico charging possible.

Until fairly recently there was no viable model for Micro/Pico payments, so many suppliers of intangible goods gave them away and relied on advertising etc to earn revenue.

And this is the problem Mr Murdoch has, his empire is a money machine that has no method of making money via anything other than the very traditional models (subscription / advertising). For him it is one method or the other.

However, as mobile phone companies have shown, they already have in place a micro charging network which can deal effectively with payments in cents. And if you look at many of the up and coming services on mobile phones you will see the proto models of where Internet charging is likely to go.

And this model is really scaring the likes of EVM and other credit card companies; they traditionally cannot deal with payments of less than a few dollars so are currently out of the micro payment game. Unless they move into it they are likely to cede their business to whoever does put a successful Micro/pico charging system in place.

But until then Rupert Murdoch and many others will make their “doom say” predictions. In reality what they are advertising is their organisational failings, not their successes, when making such announcements.

This free site from EFF should help privacy fundamentalists spot changes – analyzing the implications is a different matter: “TOSBack keeps an eye on 58 website policies. Every time one of them changes, you’ll see an update here.” http://www.tosback.org/timeline.php

Tracking of people and data is worth a lot. Add up control of info like puppet masters and you have a scary stasi society. Lack of computer security sure is a dark binding ring of power.

Well, I am starting to respect the power of Murdoch and the Democrat political spoils wave, even though, I hate/despise/all_emotional_hell_words_that_apply* for what it entails to society, and the “free” world.